Expert Advice Community

Custom Control Creation

Guest user Created:   Jan 23, 2023 Last commented:   Jan 23, 2023

Having operating system software and databases that are at the end-of-support life cycle is a serious and ever-present vulnerability in any IT operation. I do not find this vulnerability in Conformio. I then tried to create this vulnerability, but I could not find a suitable Control from the list that is presented for selection. Conformio does not allow me to create a new control. Software and Database maintenance updates would be an appropriate control. This also applies to the vulnerability of using software that is not current. Please advise how I should proceed to create this new vulnerability.


Expert
Rhand Leal Jan 23, 2023

Considering your stated situation (Having operating system software and databases that are at the end-of-support life cycle), suggested assets, vulnerabilities, and threats, with respective controls are:

  • Assets: “Operating systems” and “Database management systems”
  • Vulnerabilities: “Rules for software and its databases not clearly defined” and “Requirements for software development not clearly defined”
  • Threats: “Maintenance errors” and “Application error”
  • Controls: “A.8.25 - Secure development life cycle” and “A.8.8 - Management of technical vulnerabilities”

Please note that end-of-support is part of the retirement step of an asset life cycle management process (in this case, applied to assets operating system software and databases), and so it is an expected situation for IT operations.

Considering that, the vulnerability, in this case, would be related to not knowing what to do by this time.
